Making Privacy Great Again (?) – The Blackphone Story – Part 3 – Being Matt Damon

The Awareness lessons Matt Damon Had Taught Me.

(This is part 3 in a series of articles I’m publishing about my investigation into the security of the Silent Circle Blackphone 2. I case you missed them, I invite you to read part 1 and part 2)…

Now that I have received the Blackphone 2 I was facing a dilemma – what would be the best way to investigate it? To answer that, I decided to ask myself what would Matt Demon do if he was me.

To explain what the heck I mean by that, I wish to introduce to you a remarkable educator (and a real Mensch) called Dr. Nancy Carlsson-Paige. She is a professor Emerita at Lesley University where she taught teachers for more than 30 years and was a founder of the University’s Center for Peaceable Schools, but to many she is known because of her son, Matt Damon. A few years ago, I’ve been in contact with Dr. Carlsson-Paige because of my son’s Autism, and I’m extremely full of gratitude for her words and advice. I encourage you to read her book “Taking Back Childhood: A Proven Road Map for Raising Confident, Creative, Compassionate Kids”, it is a masterpiece.

Anyway, back to Matt. Four years ago, Dr. Carlsson-Paige gave a TED talk in which she described how many years ago she managed to put her place on fire, and how Matt (who was five years old at the time) run out of the room, and how he run back wearing his red corduroy bathrobe, his black lashes, a fire-fighter hat, a divers mask, and a little rubber tube which he used to play as if he is spraying water on the fire. He was playing.

Let me share with you what Dr. Carlsson-Paige said about child learning:

Fantasy and reality in the minds of young kids are not separate worlds the way they are for us, they are very intertwined, they’re very in mesh. All children know how to play. Playing is as natural to kids as walking and talking, and it’s just as essential to their healthy growth. Play is the root of learning for kids. For little kids, process is really what matters, they don’t cling to products. when a child is being taught that this “4” means four, he learns that this is a name, but this does not mean the child understand the concept of it. We can have four tires, four pennies, four elephants, and those groups of four things looks incredibly different. In order to understand that they are all four we have to abstract the idea of four out of the group of things and think about the “four-ness” they have in common. That’s a very complicated idea and it takes a child many years to figure it out. The name of the number and the concept of then number are not the same thing. You can direct teach the name of the number easily. You can sit the kids down and teach them “that’s 4, that’s 5, that’s 6.” It’s simple – you just show them the symbol and teach them the name, but for them to understand the concept of 4, that’s something they have to build over time, that they have to build in their own mind. It’s a kind of understanding that have to develop in the mind as a result of experience and activity and interaction. It’s not something that can be directly taught. It’s much more complicated than the simple naming of the number, and children can name the number without understanding the concept because they are two different activities.

And now, I will quote and paraphrase Dr. Carlsson-Paige words so they will adjust to our topic of educating security:

The difference between understanding concepts and reciting facts is very important for us to understand right now, because it captures the essence of what is happening in education today. There is a gross misunderstanding of what education is, that had swept across the country, and the unfortunate belief is that you can direct teach, and you can measure and you can quantify learning. But the truth is it’s only the most superficial and most mechanical aspects of learning that can be reduced to numbers… the only way that you can get people to all learn the same thing at the same time is to sit them down and pour in or stuff in the information into their heads, whether they’re ready to learn it or not. All the power of the learning experience … the initiative, the creativity, the fact one can define and solve their own problem, original thinking, the ability to invent new idea, perseverance, cooperation and working together on a common project – all these amazing capacities are cut out when we drill and grill. When we take the natural and powerful capabilities that people have out of the education equation we take the love out of learning, we take the joy out of learning. We have a dramatic disappearance of play, both kinds of play – the make belief play and the hands-on play with materials, especially in the poorest communities, because education depends on funding. I wish you could see the faces I see when I witness people who are being forced to follow education activities. A lot of people look confused, they look tuned out, some of them look scared, some are sad or crying, many of them have already learned a sense of failure. Because when you have right answers and wrong answers, when there is only one way to solve a problem then you get it right or wrong and you’re a winner or you’re a looser. I feel a lot of anguish for those I see. They try so hard to adapt themselves to the unfit approaches that are being used today. They REALLY try to learn the information that the instructor tells them they’re supposed to know. But their spirit retreats. CEOs love to say that “our employees are our greatest and most valuable resource”, but the resources are inside of them, and what we have to do is to figure out how do we create an education system that nurtures and develops and builds on to the magnificent capacities that human beings bring to when they play.

And this brought me back to 2011. In 2011, the legend which is also known by the name of Dan Kaminsky came to Brucon and gave what is probably one the best presentations I’ve seen on Bitcoin. I remember his talk because he started by saying “the purpose of this talk is to play with toys”. Here is a link to a video of the same talk he gave in the 2011 Chaos Communication Congress due to higher quality:

So yes, the easiest way to solve my problems were to try to see what others have done before, and there are multiple sites that share information, most notably are the XDA Developers forums. However, I wanted to try and see if limiting the exposure to “names” and having as much as possible “hands on” experience will work. For example, instead of sitting down reading a book or watching a YouTube video on the whole boot process I decided to see if I can figure out the process by myself with as little as possible prior knowledge. Or, in other words – I decided to play like a child do, to learn by failure without even realising it is failure. I decided to pretend I’m Mr robot, and started my imaginary adventure to hack my new toy. See See you in part 4, where I will share with how easy it was to hack the phone… or not…